#12244: python3-3.7.4 -------------------------+----------------------- Reporter: bdubbs | Owner: bdubbs Type: enhancement | Status: assigned Priority: normal | Milestone: 9.0 Component: BOOK | Version: SVN Severity: normal | Resolution: Keywords: | -------------------------+-----------------------
Comment (by bdubbs): What's New in Python 3.7.4 final? *Release date: 2019-07-08* Core and Builtins - bpo-37500: Due to unintended side effects, revert the change introduced by :issue:`1875` in 3.7.4rc1 to check for syntax errors in dead conditional code blocks. Documentation - bpo-37149: Replace the dead link to the Tkinter 8.5 reference by John Shipman, New Mexico Tech, with a link to the archive.org copy. What's New in Python 3.7.4 release candidate 2? Security - bpo-37463: ssl.match_hostname() no longer accepts IPv4 addresses with additional text after the address and only quad-dotted notation without trailing whitespaces. Some inet_aton() implementations ignore whitespace and all data after whitespace, e.g. '127.0.0.1 whatever'. Core and Builtins - bpo-24214: Improved support of the surrogatepass error handler in the UTF-8 and UTF-16 incremental decoders. Library - bpo-37440: http.client now enables TLS 1.3 post-handshake authentication for default context or if a cert_file is passed to HTTPSConnection. - bpo-37437: Update vendorized expat version to 2.2.7. - bpo-37428: SSLContext.post_handshake_auth = True no longer sets SSL_VERIFY_POST_HANDSHAKE verify flag for client connections. Although the option is documented as ignored for clients, OpenSSL implicitly enables cert chain validation when the flag is set. - bpo-32627: Fix compile error when ``_uuid`` headers conflicting included. Windows - bpo-37369: Fixes path for :data:`sys.executable` when running from the Microsoft Store. - bpo-35360: Update Windows builds to use SQLite 3.28.0. macOS - bpo-34602: Avoid test suite failures on macOS by no longer calling resource.setrlimit to increase the process stack size limit at runtime. The runtime change is no longer needed since the interpreter is being built with a larger default stack size. What's New in Python 3.7.4 release candidate 1? Security - bpo-35907: CVE-2019-9948: Avoid file reading by disallowing ``local-file://`` and ``local_file://`` URL schemes in ``URLopener().open()`` and ``URLopener().retrieve()`` of :mod:`urllib.request`. - bpo-36742: Fixes mishandling of pre-normalization characters in urlsplit(). - bpo-30458: Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause an http.client.InvalidURL exception to be raised. - bpo-33529: Prevent fold function used in email header encoding from entering infinite loop when there are too many non-ASCII characters in a header. - bpo-35755: :func:`shutil.which` now uses ``os.confstr("CS_PATH")`` if available and if the :envvar:`PATH` environment variable is not set. Remove also the current directory from :data:`posixpath.defpath`. On Unix, :func:`shutil.which` and the :mod:`subprocess` module no longer search the executable in the current directory if the :envvar:`PATH` environment variable is not set. Core and Builtins - bpo-37269: Fix a bug in the peephole optimizer that was not treating correctly constant conditions with binary operators. Patch by Pablo Galindo. - bpo-37219: Remove errorneous optimization for empty set differences. - bpo-26423: Fix possible overflow in ``wrap_lenfunc()`` when ``sizeof(long) < sizeof(Py_ssize_t)`` (e.g., 64-bit Windows). - bpo-36829: :c:func:`PyErr_WriteUnraisable` now displays the exception even if displaying the traceback failed. Moreover, hold a strong reference to :data:`sys.stderr` while using it. Document that an exception must be set when calling :c:func:`PyErr_WriteUnraisable`. - bpo-36907: Fix a crash when calling a C function with a keyword dict (``f(**kwargs)``) and changing the dict ``kwargs`` while that function is running. - bpo-36946: Fix possible signed integer overflow when handling slices. - bpo-27987: ``PyGC_Head`` structure is aligned to ``long double``. This is needed to ensure GC-ed objects are aligned properly. Patch by Inada Naoki. - bpo-1875: A :exc:`SyntaxError` is now raised if a code blocks that will be optimized away (e.g. if conditions that are always false) contains syntax errors. Patch by Pablo Galindo. (Reverted in 3.7.4 final by :issue:`37500`.) - bpo-28866: Avoid caching attributes of classes which type defines mro() to avoid a hard cache invalidation problem. - bpo-27639: Correct return type for UserList slicing operations. Patch by Michael Blahay, Erick Cervantes, and vaultah - bpo-32849: Fix Python Initialization code on FreeBSD to detect properly when stdin file descriptor (fd 0) is invalid. - bpo-27987: pymalloc returns memory blocks aligned by 16 bytes, instead of 8 bytes, on 64-bit platforms to conform x86-64 ABI. Recent compilers assume this alignment more often. Patch by Inada Naoki. - bpo-36504: Fix signed integer overflow in _ctypes.c's ``PyCArrayType_new()``. - bpo-20844: Fix running script with encoding cookie and LF line ending may fail on Windows. - bpo-24214: Fixed support of the surrogatepass error handler in the UTF-8 incremental decoder. - bpo-36459: Fix a possible double ``PyMem_FREE()`` due to tokenizer.c's ``tok_nextc()``. - bpo-36433: Fixed TypeError message in classmethoddescr_call. - bpo-36430: Fix a possible reference leak in :func:`itertools.count`. - bpo-36440: Include node names in ``ParserError`` messages, instead of numeric IDs. Patch by A. Skrobov. - bpo-36421: Fix a possible double decref in _ctypes.c's ``PyCArrayType_new()``. - bpo-36256: Fix bug in parsermodule when parsing a state in a DFA that has two or more arcs with labels of the same type. Patch by Pablo Galindo. - bpo-36236: At Python initialization, the current directory is no longer prepended to :data:`sys.path` if it has been removed. - bpo-36262: Fix an unlikely memory leak on conversion from string to float in the function ``_Py_dg_strtod()`` used by ``float(str)``, ``complex(str)``, :func:`pickle.load`, :func:`marshal.load`, etc. - bpo-36218: Fix a segfault occuring when sorting a list of heterogeneous values. Patch contributed by RĂ©mi Lapeyre and Elliot Gorokhovsky. - bpo-36035: Added fix for broken symlinks in combination with pathlib - bpo-18372: Add missing :c:func:`PyObject_GC_Track` calls in the :mod:`pickle` module. Patch by Zackery Spytz. - bpo-34408: Prevent a null pointer dereference and resource leakage in ``PyInterpreterState_New()``. More. See Misc/NEWS in tarball. -- Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/12244#comment:2> BLFS Trac <http://wiki.linuxfromscratch.org/blfs> Beyond Linux From Scratch -- http://lists.linuxfromscratch.org/listinfo/blfs-book FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page